Re: outsourced call centers costing millions in identity theft

["Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>]

> "A former Chase call center rep tells the story about this one thief who was
> able to rip off one customer for over $40,000, thanks to his constant outwitting
> out the internationally out-sourced security department. 
>
> "The Americans would beg and plead with the Filipinos to not unblock the
> account, and over and over again they would. Says our insider, if US security
> had been able to intervene from the get-go, he would never have been able to
> do so much financial damage."

> http://consumerist.com/5069018/how-outsourced-call-centers-are-costing-millions-
> in-identity-theft

Well, everyone knows I am not a fan of outsourcing.  However, I think that 
outsourcing, per se, may be getting a bad rap on this one.

Why *couldn't* the "US security" intervene?  Why wasn't there a provision for 
an alert on the account?  Why wasn't there a lock on the account requiring that it 
be dealt with locally?  Why wasn't there either a flag or a lock on the account 
requiring at least a supervisor be involved?

I don't see just dumb call centre staff here.  I see bad design.

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
What you can do or think you can do, begin it. For boldness has
magic, power, and genius in it.         - Johann Wolfgang von Goethe
victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.